config changes, bugfix 15.1.1 release

Changelog

@@ -1,5 +1,8 @@
 * 1.15.1 2021-07-06 - robl
    - Bugfix: Exit after sample file size exceeds MAX_SAMPLE_SIZE.
+   - Move more options to config file
+   - Make update_ethers tool use CONFIG.
+   - Fix auto_sponge/sponge to use -c <config> without breaking existing cmd options
 
 * 1.15 2021-06-24 - robl
    - Move example config file location and default location to avoid clash

IXP-Manager/auto_sponge

@@ -51,28 +51,37 @@
 # ----------------------------------------------------------------------
 # CONFIG VARS
 # ----------------------------------------------------------------------
+# Defaults: override in CONFIG file if needed
+SHOW_OUTPUT=1         # Show normal output (configure what to do in do_msg)
+                      # If set to 0, only errors will be output.
+# ----------------------------------------------------------------------
+# Where is config vars file:
+CONFIG=/etc/ixpwatch/config.sh
 
-MY_NET="5.57.80.0"    # network base address
-MASK="22"             # network CIDR mask
-INTERFACE="eth1"      # interface to bind IPs to
-# INTERFACE=`/usr/bin/netstat -arn | grep -w ^${MY_NET} | awk '{print $8}'`
+ARPSPONGES="/tmp/arpsponges.$$"
+ARPDIFF="/tmp/arpsponge.$$"
 
-JQ="/usr/bin/jq"           # Where is jq (for JSON)
-COMM="/usr/bin/comm"       # comm cmd
-WGET="/usr/bin/wget"       # Where is wget/curl
-WGET_OPTS="-qO -"          # wget opts to get to stdout
-SIPCALC="/usr/bin/sipcalc" # sipcalc
-IP="/sbin/ip"              # ip cmd
-NETSTAT=`which netstat`    # netstat cmd
+# Config file can also be specified from the command line with -c <filename> [opts]
+optstring=":c:"
 
-# Where to get sponge list: 
-URL="https://<your_ixpmanager_server>/cgi-bin/json_arpsponges"
+while getopts ${optstring} arg; do
+  case "${arg}" in
+    c)
+            # Set config file:
+            CONFIG=${OPTARG}
+            shift
+    ;;
+  esac
+  shift
+done
 
-ARPSPONGES="/tmp/arpsponges.$$"
-ARPDIFF="/tmp/arpsponge.$$"
 
-SHOW_OUTPUT=1         # Show normal output (configure what to do in do_msg)
-                      # If set to 0, only errors will be output.        
+if [ ! -f $CONFIG ] ; then
+ echo "Could not open config file $CONFIG!"
+ exit 1
+fi
+
+source $CONFIG
 # ----------------------------------------------------------------------
 
 # What to do with error messages:
@@ -113,9 +122,9 @@ if [ ! -x "$SIPCALC" ] ; then do_suberror "WARNING: sipcalc not found! No subnet
 get_json () {
   local ret=0
   GET=$1
-  REQUEST=`${WGET} ${WGET_OPTS} ${URL}${GET}`
+  REQUEST=`${WGET} ${WGET_OPTS} ${URL_ARPSPONGE}${GET}`
   ret=$?
-  if [ $? != 0 ] ; then do_error "ERROR: failed to get JSON: ${WGET} ${WGET_OPTS} ${URL}${GET}"; ret=1; fi
+  if [ $? != 0 ] ; then do_error "ERROR: failed to get JSON: ${WGET} ${WGET_OPTS} ${URL_ARPSPONGE}${GET}"; ret=1; fi
   echo "${REQUEST}"
   return $ret
 }
@@ -136,7 +145,7 @@ get_spongelist () {
 # get list of secondary IPs applied to interface
 get_boundlist () {
    local ret=0;
-   local boundlist=`${IP} addr show dev ${INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | awk '{print $2}' | cut -d/ -f1 | sort -t . -k 3,3n -k 4,4n`
+   local boundlist=`${IP} addr show dev ${CAP_INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | awk '{print $2}' | cut -d/ -f1 | sort -t . -k 3,3n -k 4,4n`
    ret=$?
 
    echo "$boundlist"
@@ -157,15 +166,15 @@ do_ip_add () {
      if [ -x "${SIPCALC}" ] ; then
        IS_IN_NET=`${SIPCALC} $O_ADDR/$MASK | grep "^Network address" | awk -F"- " '{print $2}'`
        if [ ! "$IS_IN_NET" = "$MY_NET" ] ; then
-           do_suberror "Bad address: $O_ADDR for interface $interface: $MY_NET/$mask, Address $O_ADDR wrong mask or subnet: $MY_NET/$MASK"
+           do_suberror "do_ip_add: $O_ADDR not in subnet for interface: ${CAP_INTERFACE} (${MY_NET}/${MASK})"
            ret=1
        fi
      fi
 
    # Check if address is already bound:
-   IS_ALREADY_SPONGED=`${IP} addr show dev ${INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | grep -cw "$O_ADDR"`
+   IS_ALREADY_SPONGED=`${IP} addr show dev ${CAP_INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | grep -cw "$O_ADDR"`
     if [ "$IS_ALREADY_SPONGED" = "1" ] ; then
-     do_suberror "do_ip_add: $O_ADDR is already bound to interface ${INTERFACE}. No action taken."
+     do_suberror "do_ip_add: $O_ADDR is already bound to interface ${CAP_INTERFACE}. No action taken."
      ret=1
      return $ret
     fi
@@ -188,13 +197,13 @@ do_ip_add () {
     return $PINGRESULT
    fi
 
-  ${IP} addr add $O_ADDR/$MASK dev $INTERFACE
+  ${IP} addr add $O_ADDR/$MASK dev $CAP_INTERFACE
   ADDRESULT="$?"
 
   if [ "$ADDRESULT" = "0" ] ; then
-   do_msg "Sponged IP ${O_ADDR} added to interface ${INTERFACE}"
+   do_msg "Sponged IP ${O_ADDR} added to interface ${CAP_INTERFACE}"
   else
-   do_error "FAILED - IP addr add command failed for some reason: ${IP} addr add $O_ADDR/$MASK dev $INTERFACE"
+   do_error "FAILED - IP addr add command failed for some reason: ${IP} addr add $O_ADDR/$MASK dev $CAP_INTERFACE"
    return $ADDRESULT
   fi
 
@@ -210,18 +219,18 @@ do_ip_del () {
   O_ADDR=`echo $address | cut -d/ -f1`
 
    # Check if address is already bound:
-   IS_ALREADY_SPONGED=`${IP} addr show dev ${INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | grep -cw "$O_ADDR"`
+   IS_ALREADY_SPONGED=`${IP} addr show dev ${CAP_INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | grep -cw "$O_ADDR"`
     if [ ! "$IS_ALREADY_SPONGED" = "1" ] ; then
-     do_suberror "do_ip_del: $O_ADDR is not bound to interface ${INTERFACE}. No action taken."
+     do_suberror "do_ip_del: $O_ADDR is not bound to interface ${CAP_INTERFACE}. No action taken."
      ret=1
      return $ret
     fi
 
-   ${IP} addr del $O_ADDR/$MASK dev $INTERFACE
+   ${IP} addr del $O_ADDR/$MASK dev $CAP_INTERFACE
    DELRESULT="$?"
 
   if [ "$DELRESULT" = "0" ] ; then
-   do_msg "Sponged IP ${O_ADDR} removed from interface ${INTERFACE}"
+   do_msg "Sponged IP ${O_ADDR} removed from interface ${CAP_INTERFACE}"
   else
    do_error "FAILED - IP addr del command failed for some reason!"
    ret=1
@@ -235,10 +244,10 @@ do_ip_del () {
 ACTION=`echo "$1" | sed s/\^-//g | tr [A-Z] [a-z]`
 
 # Check interface:
-INT_CHECK=`${NETSTAT} -arn | grep -w ^${MY_NET} | grep -wc ${INTERFACE} || INT_CHECK=0`
+INT_CHECK=`${NETSTAT} -arn | grep -w ^${MY_NET} | grep -wc ${CAP_INTERFACE} || INT_CHECK=0`
 
 if [ "$INT_CHECK" = "0" ] ; then
-   do_error "ERROR: interface ${INTERFACE} is down, not found or not configured for network ${MY_NET}"
+   do_error "ERROR: interface ${CAP_INTERFACE} is down, not found or not configured for network ${MY_NET}"
    exit 1
 fi
 
@@ -277,8 +286,8 @@ fi
 
 if [ "$ACTION" = "stop" ] ; then
 
-${IP} addr show dev ${INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | awk '{print $2}' | \
-	 awk -v interface="$INTERFACE" -v ip="$IP" '{print ip " addr del "$1" dev "interface}' | sh
+${IP} addr show dev ${CAP_INTERFACE} to ${MY_NET}/${MASK} scope global secondary | grep inet | awk '{print $2}' | \
+	 awk -v interface="$CAP_INTERFACE" -v ip="$IP" '{print ip " addr del "$1" dev "interface}' | sh
 
 fi # end of stop bit
 
@@ -321,7 +330,7 @@ RED=$'\e[1;31m'
 GREEN=$'\e[1;32m'
 UNSET=$'\e[0m'
 
-  echo "$GREEN:::: Applied arp sponges on interface $INTERFACE:"
+  echo "$GREEN:::: Applied arp sponges on interface $CAP_INTERFACE:"
 
   # get list of secondary IPs currently bound to interface:
   BOUNDLIST=$(get_boundlist)
@@ -339,14 +348,14 @@ UNSET=$'\e[0m'
   # check for listed but not bound:
   LISTED_BUT_NOT_BOUND=`cat ${ARPDIFF} | cut -f1 | ${COMM} -13 --nocheck-order ${ARPSPONGES} -`
   if [ ! ${#LISTED_BUT_NOT_BOUND} = 0 ] ; then
-  echo "$RED:::: WARNING: The following IPs are listed as sponged but are NOT bound to $INTERFACE:"
+  echo "$RED:::: WARNING: The following IPs are listed as sponged but are NOT bound to $CAP_INTERFACE:"
   cat ${ARPDIFF} | cut -f1 | ${COMM} -13 --nocheck-order ${ARPSPONGES} - | xargs -I '{}' grep -w "^{}" ${ARPDIFF}
   fi
 
   # check for bound but not listed:
   BOUND_BUT_NOT_LISTED=`cat ${ARPDIFF} | cut -f1 | ${COMM} -23 --nocheck-order ${ARPSPONGES} -`
   if [ ! ${#BOUND_BUT_NOT_LISTED} = 0 ] ; then
-  echo "$RED:::: WARNING: The following IPs are bound to $INTERFACE but NOT listed as sponged:"
+  echo "$RED:::: WARNING: The following IPs are bound to $CAP_INTERFACE but NOT listed as sponged:"
   cat ${ARPDIFF} | cut -f1 | ${COMM} -23 --nocheck-order ${ARPSPONGES} -
   fi
 
@@ -359,4 +368,3 @@ fi
 # Clean up temp files:
 if [ -f "${ARPDIFF}" ]    ; then rm ${ARPDIFF}    ;  fi
 if [ -f "${ARPSPONGES}" ] ; then rm ${ARPSPONGES} ;  fi
-

IXP-Manager/update_ethers.sh

@@ -1,35 +1,78 @@
 #!/bin/bash
-
+# This file is part of IXP Watch
+#
+# IXP Watch is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, version v2.0 of the License.
+#
+# IXP Watch is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# You should have received a copy of the GNU General Public License v2.0
+# along with IXP Watch If not, see:
+#
+# http://www.gnu.org/licenses/gpl-2.0.html
+#
 # <[email protected]> - 2020-08-24
 # Script to update /etc/ethers with member details to make
 # IXP-Watch reports and tcpdump more useful.
+# Set this up as a cron task to periodically update /etc/ethers e.g:
+#
+# 15 */2 * * * root /usr/local/bin/update_ethers.sh
+
+
+# Where is config vars file:
+CONFIG=/etc/ixpwatch/config.sh
+
+# default ethers file (set in CONFIG if different)
+ETHERSFILE=/etc/ethers
+
+# Config file can also be specified from the command line with -c <filename>:
+optstring=":c:"
+
+while getopts ${optstring} arg; do
+  case "${arg}" in
+    c)
+            # Set config file:
+            CONFIG=${OPTARG}
+    ;;
+  esac
+done
+
+
+if [ ! -f $CONFIG ] ; then
+ echo "Could not open config file $CONFIG!"
+ exit 1
+fi
+
+source $CONFIG
 
-DESTFILE=/etc/ethers
 TMPFILE=/tmp/ethers.$$
 
 umask 002
 
-  if [ ! -f "${DESTFILE}" ] ; then
-    touch ${DESTFILE} || echo "ERROR: could not write to ${DESTFILE}" >&2 ; exit 1
+  if [ ! -f "${ETHERSFILE}" ] ; then
+    touch ${ETHERSFILE} || echo "ERROR: could not write to ${ETHERSFILE}" >&2 ; exit 1
   fi
 
 # get updated ethers from IXP Manager:
-/usr/bin/wget -qO - https://portal.lonap.net/cgi-bin/json_ethers?vlanid=1 | jq -r '.ethers[] | [.mac,.ethersdesc] | @tsv' > ${TMPFILE}
+$WGET $WGET_OPTS $URL_ETHERS | $JQ -r '.ethers[] | [.mac,.ethersdesc] | @tsv' > ${TMPFILE}
 
   COUNTLINES=`grep -c "__" ${TMPFILE}`
 
    if [ $COUNTLINES -lt 20 ] ; then
-     echo "Hmm. file for ${DESTFILE} seems a bit short to me. Not using." >&2
+     echo "Hmm. file for ${ETHERSFILE} seems a bit short to me. Not using." >&2
      mv ${TMPFILE} ${TMPFILE}.err
 
    else 
 
-    cat ${TMPFILE} > ${DESTFILE}
+    cat ${TMPFILE} > ${ETHERSFILE}
 
    fi
 
 # clean up tmp file:
 if [ -f "${TMPFILE}" ] ; then
 	rm ${TMPFILE}
 fi
-

bin/ixp-watch

@@ -1,5 +1,5 @@
 #!/bin/bash
-# ixp-watch version: 1.15
+# ixp-watch version: 1.15.1
 # This file is part of IXP Watch
 #
 # IXP Watch is free software: you can redistribute it and/or modify it

bin/sponge

@@ -43,16 +43,32 @@
 # Where is config vars file:
 CONFIG=/etc/ixpwatch/config.sh
 
+# Config file can also be specified from the command line with -c <filename> [opts]
+optstring=":c:"
+
+while getopts ${optstring} arg; do
+  case "${arg}" in
+    c)
+            # Set config file:
+            CONFIG=${OPTARG}
+            shift
+    ;;
+  esac
+  shift
+done
+
+
 if [ ! -f $CONFIG ] ; then
  echo "Could not open config file $CONFIG!"
  exit 1
 fi
 
 source $CONFIG
 
+
 IP_DECIMAL="4294967295"
 
-if [ ! -f /usr/bin/sipcalc ] ; then
+if [ ! -f "$SIPCALC" ] ; then
 	echo "WARNING: sipcalc not found! No subnet check will be performed!"
 fi
 
@@ -71,9 +87,9 @@ O_ADDR=`echo $2 | cut -d/ -f1`
 echo ""
 printf "Checking address $O_ADDR..."
 
-if [ -f /usr/bin/sipcalc ] ; then
+if [ -f "$SIPCALC" ] ; then
 
-   IS_IN_NET=`/usr/bin/sipcalc $O_ADDR/$MASK | grep "^Network address" | awk -F"- " '{print $2}'`
+   IS_IN_NET=`$SIPCALC $O_ADDR/$MASK | grep "^Network address" | awk -F"- " '{print $2}'`
 
    if [ ! "$IS_IN_NET" = "$MY_NET" ] ; then
            printf "\b... *** FAILED! *** \n"
@@ -83,7 +99,7 @@ if [ -f /usr/bin/sipcalc ] ; then
            exit 1
    fi
 
-   IP_DECIMAL=`/usr/bin/sipcalc $O_ADDR | grep "(decimal)" | cut -f2 -d'-' | sed s/\ //g`
+   IP_DECIMAL=`$SIPCALC $O_ADDR | grep "(decimal)" | cut -f2 -d'-' | sed s/\ //g`
 
 fi
 
@@ -133,15 +149,15 @@ fi
 
 printf "Adding $O_ADDR to interface $CAP_INTERFACE..."
 
-/sbin/ip addr add $O_ADDR/$MASK dev $CAP_INTERFACE
+$IP addr add $O_ADDR/$MASK dev $CAP_INTERFACE
 
 ADDRESULT="$?"
 
 if [ "$ADDRESULT" = "0" ] ; then
  printf "...Success!\n\n"
 
   if [ ! "$3" = "-APPLY" ] ; then
-   /sbin/ip addr list dev $CAP_INTERFACE
+   $IP addr list dev $CAP_INTERFACE
    echo ""
    echo "$IP_DECIMAL $ISODATE $O_ADDR">>/etc/arpsponges
   fi
@@ -160,7 +176,7 @@ if [ "$ACTION" = "apply" ] ; then
 
  # Delete all secondary IP addresses from the interface:
  printf "Deleting all secondary addresses from $CAP_INTERFACE matching $SANITY_CHECK..."
- /sbin/ip addr list dev $CAP_INTERFACE | grep "inet " | grep $SANITY_CHECK | grep "scope global secondary" | \
+ $IP addr list dev $CAP_INTERFACE | grep "inet " | grep $SANITY_CHECK | grep "scope global secondary" | \
   awk -v interface="$CAP_INTERFACE" '{print "/sbin/ip addr del "$2" dev "interface}' | sh
  printf "...OK\n"
 
@@ -190,7 +206,7 @@ if [ "$ACTION" = "del" ] ; then
 
 printf "Deleting address $O_ADDR..."
 
-/sbin/ip addr del $O_ADDR/$MASK dev $CAP_INTERFACE
+$IP addr del $O_ADDR/$MASK dev $CAP_INTERFACE
 
 DELRESULT="$?"